Installation

To use PHP's OpenSSL support you must also compile PHP --with-openssl[=DIR]
.

The OpenSSL library also has additional requirements for normal operation at
run-time. Most notably, OpenSSL requires access to a random or pseudo-random
number generator; on most Unix and Unix-like platforms (including Linux),
this means that it must have access to a /dev/urandom or
/dev/random device.

Note:
Note to Win32 Users

In order for this extension to work, there are
DLL files that must be available to the Windows
system PATH. For information on how to do this, see the
FAQ entitled "How do I add my PHP directory to the PATH
on Windows". Although copying DLL
files from the PHP folder into the Windows system directory also works
(because the system directory is by default in the system's
PATH), this is not recommended.
This extension requires the following files to be in the
PATH:libeay32.dll

Additionally, if you are planning to use the key generation and certificate
signing functions, you will need to install a valid
openssl.cnf file on your system.
As of PHP 4.3.0, we include a sample configuration file
in our win32 binary distributions.
PHP 4.3.x and 4.4.x has the file in the
openssl directory.
PHP 5.x and 6.x has the file in the
extras/openssl directory.
If you are either using PHP 4.2.x or missing the file, you can obtain it from
» the OpenSSL binaries page
or by downloading a recent PHP release.
Be aware that Windows Explorer hides the .cnf extension
by default and says the file Type is SpeedDial.

PHP will search for the openssl.cnf using the
following logic:

the OPENSSL_CONF environmental variable, if
set, will be used as the path (including filename) of the configuration
file.

the SSLEAY_CONF environmental variable, if
set, will be used as the path (including filename) of the configuration
file.

The file openssl.cnf will be assumed to be
found in the default certificate area, as configured at the time that
the openssl DLL was compiled. This is usually means that the default
filename is c:\usr\local\ssl\openssl.cnf.

In your installation, you need to decide whether to install the
configuration file at c:\usr\local\ssl\openssl.cnf or
whether to install it someplace else and use environmental variables
(possibly on a per-virtual-host basis) to locate the configuration file.
Note that it is possible to override the default path from the script using
the configargs of the functions that require a
configuration file.

User Contributed Notes 6 notes

Having recently installed Apache2.2 with PHP 5.2.17 on my Windows 7 development machine, I want to pass along my findings about how to set things up to load the correct versions of the OpenSSL DLLs. Many people have posted elsewhere about the "DLL Hell" that results if the a wrong version is loaded.

First, install Apache 2.2 and check its operation, then download the Windows binaries for PHP from http://windows.php.net/download/. Note that according to the sidebar on that page the recommended version of PHP for use with Apache2 is currently 5.2.17, even though it is back level. Plus, this version comes with all the DLLs you need to use OpenSSL -- no need to recompile as the old PHP man page suggests.

Having verified the PHP installation, turn on the OpenSSL support by uncommenting the line

extension=php_openssl.dll

in php.ini, which you will find in the PHP directory (I'll assume you made that c:/PHP). Next check the location of php_openssl.dll, which you should find in c:/PHP/ext. Also in php.ini find the key extension_dir, and change its value to c:/php/ext. Next, put this location on the end of your PATH (there's no need to reboot).

At this point, when you start Apache it will attempt to load php_openssl.dll, but if your setup is anything like mine you will see an error. I prefer to start Apache manually, and the error appears in a dialog box: "The ordinal 4114 could not be located in the dynamic link library LIBEAY32.dll". (I'm not sure whether you would get this message if you started Apache as a service). The Apache log also contains an error message saying that php_openssl.dll cannot be loaded, though that message doesn't name libeay32.dll. Welcome to DLL Hell.

Libeay32.dll enters the picture because php_openssl.dll depends on it (and also on ssleay32.dll). What I think happens is that Apache first tries to load php_openssl.dll programmatically from the path specified by the extension_dir key. But then, the loading of the so-called dependent DLLs is left to Windows' default mechanism. If Windows finds an incompatible version of a dependent DLL, you get the error.

So clearly the fix is to ensure that the correct version of libeay32.dll is loaded. On my machine, at least three other processes have loaded various versions of this same DLL. They include the Mozy backup client, Windows Explorer (because Mozy installs support in Explorer) and the OpenOffice suite. My machine is quite different in this respect from a dedicated server on which one probably wants as few extraneous processes as possible. Presumably on a server one can follow advice that suggests copying the dlls to the system32 directory, for example. But I'm not about to mess with my other programs by making system-wide changes.

So what to do? I didn't find the available information on how Windows searches for DLLs to be very useful, mainly because I didn't understand it. But it does say that the first place Windows looks is "The directory from which the application loaded."

To cut to the chase, after a lot of experimentation I came to a key realization -- "the application" is APACHE, not PHP. So I copied libeay32.dll to the Apache2.2/bin directory. Problem solved. No error messages and running phpinfo confirms that OpenSSL is present and enabled.

start>run>type cmdon windows console type:set PATH=%PATH%;e:\php(remember replace e:\php with YOUR directory)(note that using %path% is the same as var+=value, so the directory will be appended at the end of the variable)

php5 come with all the dll in the zip package so if you add the php directory to the path variable, you don't need to move anything to your windows system directory (very safe for later updates, because you just replace the content of your php directory)

After all these step you ready.. but of course you need to restart your IIS to apply changes, so

If you want to configure Apache2 under Windows to use OpenSSL - please, for the love of God, do NOT copy around, or even worse - overwrite any DLL's.First, modern Apache2 is shipped with relevant libraries, second - even if, for some reason, it can't find the right now - you can TELL it to use the right ones.LoadLibrary.Yes.That simple.

For anyone having problems enabling the PHP openssl extension on WINDOWS.

I uncommented: extension=php_openssl.dll and installed the latest versions of ssleay.dll and libeay.dll in <windows>\system32.

When I restarted my web server and examined phpinfo(), there was no "openssl" headed section (although there were references to openssl in other sections).

I also found this error in my web server logs (<apache dir>/logs/ssl.log and <apache dir>/logs/access.log).

PHP Warning: PHP Startup: Unable to load dynamic library 'C:\\Program Files\\PHP\\ext\\php_openssl.dll' - The operating system cannot run %1.\r\n in Unknown on line 0

I have PHP 5.2.6 running on Apache 2.2.3 for Windows.

CAUSE-----

This was caused by PHP picking up the WRONG VERSIONS of libeay.dll and ssleay.dll, which were present in multiple locations on my computer.

When any application attempts to use a dll file in windows, the system searches for this file using the following order: 1. The directory from which the application loaded. 2. The windows\system32 directory. 3. The windows\system directory. 4. The windows directory. 5. The current directory. 6. The directories that are listed in the PATH environment variable.

For PHP running under Apache, the application directory is <apache dir>\bin and NOT <php dir>. PHP was finding OUT OF DATE versions of libeay.dll and ssleay.dll in <apache dir>\bin (probably installed when I enabled SSL support in my web server). Because of this, the latest versions in windows\system32 were never reached.

NOTE: Although my problem was caused by an Apache2 specific configuration, I can imagine others might face this problem if, say, they install the openssl dlls in the PHP directory and add this directory to the PATH. I haven't checked it but I would imagine if another directory in the path contains outdated openssl dlls and this is listed before the PHP directory, a similar situation would occur.

SOLUTION--------

Either replace the dlls in the first location on the search order, or, as I did, you can install the latest openssl dlls in the the windows system32 directory and just rename to .old the ssleay.dll and libeay.dll files in the search order locations before windows\system32.